03 Feb Knock Knock: Password please
Hackers can guess 76 percent of the passwords in a data breach according to Agent & Broker magazine. Someone scratching at your online door with lots of determination may be able get at your passwords so why make it easy. Password strength can save you a lot of anguish. So, what makes a strong password – and one that you also can remember?
Let’s cover the “don’ts first:
- Don’t use linear sequences (e.g. 123456) or key strokes (e.g. QWERTY)
- Don’t use family member names, birthdates or social security numbers
- Don’t use any of the 25 most popular passwords
- Don’t use the same password for all your log-in web sites
It’s hard to believe but the word “password” has been deposed as the most popular password according to Slate Magazine by, get this, “123456.” Really? The article discusses the “25 Worst Passwords” and includes some amusing commentary.
Here are some suggestions that can keep your passwords strong, fresh and memorable.
- Use eight characters or more (see chart below).
- Mix it up with UPPER CASE and lower case letters, numbers and symbols (!nSuRaNc3100#)
- Use a phrase you can easily remember that has meaning for you (“Don’t let the bed bugs bite” can become “DoLeThBeBuB!TE6”
- If you use just one password, change it periodically and tailor it to the site you’re using by adding something meaningful only to you (!nSuRaNc3Postq3)
- Consider words from a foreign language. English is the basis for most word search software.
Despite recent high profile data breaches, a very small percentage of Americans match their degree of worry with a change in behavior. Think of your own passwords – when was the last time you updated them? To help yourself avoid the hackers, put a reminder in your calendar to change those passwords every four to six months.
Another common but risky practice is putting your passwords in writing then leaving them near your computer at home or at work. Some security advisers say never write down your passwords – keep them on a USB stick that is password protected and always in your possession.
If you are ever hacked, have your identity stolen or have a physical break-in at your home or place of work, immediately change all passwords as you can’t tell what the intruder may have taken. Laptop computers are a favorite target for thieves.
There also is password management software that comes in a variety of flavors. Do a web search to determine which software best suits your needs or check Consumer Reports for guidance.
To put a fine point on how easy it is hack passwords, an article on lastbit.com explains the formula they use to calculate the time it takes to identify a password:
| Password characteristics | 4 characters | 8 characters | |
| No-case, letters only | <1 minute | 24 days | |
| No case, letters and digits | <1 minute | 10.5 months | |
| U/L case | 1 minute | 17 years | |
| All printable characters | 13 minutes | 2,287 years |
Though the table suggests that most passwords of eight or more characters take a long time to discover, for the dedicated hacker with nothing else to do and lots of sophisticated software, it’s only a matter of time.
At Clark Insurance we know more about cyber liability and security so you can worry less. Call us for answers.
At Clark Insurance we know more about cyber liability and security so you can worry less. Call us for answers.